Files
RedBear-OS/local/docs/CONFIG-AND-INIT-ASSESSMENT.md
T
vasilito e289904852 docs: add 8 comprehensive audit/assessment documents (7500+ lines total)
- STUBS-AUDIT-AND-REWRITE-PLAN.md: master plan, 20 drivers audited
- USB-STUBS-AUDIT.md: USB stack focus, xhcid/usbhubd/usbctl/usbhidd/usbscsid/ucsid
- HID-STUBS-AUDIT.md: HID focus, usbhidd/i2c-hidd/intel-thc-hidd/ps2d/inputd/evdevd
- LOWLEVEL-STUBS-AUDIT.md: ACPI/PCI/IRQ/IOMMU/boot/init, 50+ row coverage
- BOOT-AND-HW-ENABLEMENT-ASSESSMENT.md: kernel to display chain, NO VESA policy
- DESKTOP-SERVICES-ASSESSMENT.md: D-Bus, session, audio, network
- CONFIG-AND-INIT-ASSESSMENT.md: configs, init.d, recipes, layering
- GPU-MESA-KDE-CHAIN-ASSESSMENT.md: Mesa to Plasma build chain

These documents track the v6.0 stub-fix campaign and the comprehensive
Phase 1-5 implementation work. All cited paths and line numbers are
real. Documents are durable in local/docs/ which survives make distclean.
2026-06-09 12:06:18 +03:00

1107 lines
60 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Config and Init Sequence Assessment — CONFIG → INIT → SERVICES
**Scope:** Red Bear OS config hierarchy, init.d service files, recipe integration, installer
file layering, mounts, D-Bus, boot logs, and quirk files for the `redbear-full` boot path
targeting Wayland/SDDM/KDE on QEMU (with extensions to bare metal).
**Assessment date:** 2026-06-09
**Source baseline:** `redbear-0.1.0` (Redox snapshot at build-system commit `f55acba68`)
**Toolchain:** Rust nightly (edition 2024), cookbook in `src/cook/`, installer fork in
`local/sources/installer/`, init fork in `local/sources/base/init/`.
## Executive Summary
- **Config hierarchy issues found:** 12
- **Init sequence issues found:** 9
- **Recipe integration issues found:** 14
- **File ownership / collision issues found:** 11
- **Estimated time to fix:** 35 weeks (one developer), or 23 weeks (two developers in parallel)
- **Phase blockers:**
1. `libxkbcommon` and `xkeyboard-config` are referenced in `redbear-full.toml` but no recipe
exists outside `recipes/wip/` (which is NOT in the include chain). The SDDM and KWin
services will fail to find XKB data and the `KWIN_DRM_DEVICES`/`XKB_CONFIG_ROOT`
environment variables point at paths that will be empty.
2. The base recipe's `init.d/` directory stages 9 services to `/usr/lib/init.d/` that depend
on `00_pcid-spawner.service`, but the redbear configs replace that with
`00_driver-manager.service` in `/etc/init.d/`. Because init reads from BOTH directories
and the base versions are in `/usr/lib/init.d/` (lower priority but still loaded), the
base `10_smolnetd.service` waits for a non-existent `pcid-spawner` — networking on
redbear-full can deadlock on first boot.
3. The `redbear-meta` umbrella package declares dependencies for packages not yet present
in its own recipe source tree (e.g. `redox-driver-sys`, `linux-kpi`, `amdgpu`); the
dependency graph works at the cookbook level but the recipe assumes a stable set of
forks that are not in `local/sources/`.
4. `kwin` is enabled in the package list but its build script disables 11 of its 12 main
features (autostart, screenlocker, tabbox, globalshortcuts, runners, notifications,
activities, eis, kcms, x11, x11_backend) — the binary will be a degenerate compositor
that SDDM cannot drive into a real KDE session.
5. `amdgpu = "ignore"` and `libdisplay-info = "ignore"`, `libxcvt = "ignore"`, `lcms2 = "ignore"`
reduce the desktop surface to a partial build; KWin depends on all four.
## Per-Area Assessment
### 1. Config Hierarchy
#### `redbear-full.toml` (663 lines)
- **Includes:** `redbear-mini.toml` only (line 17). No reference to `redbear-greeter-services.toml`
(which is correctly deprecated per its own header). The "wall of overrides" pattern is
intentional, but the missing `redbear-grub-policy.toml` means `redbear-full` cannot be
combined with `redbear-grub` cleanly — this is acceptable because `redbear-grub.toml`
itself only includes `redbear-mini.toml`.
- **Packages:** 88+ packages declared, see Section 3 for the per-package audit. Two packages
do not exist: `libxkbcommon` and `xkeyboard-config` (lines 7879).
- **Users:** `[users.messagebus]`, `[users.root]`, `[users.user]`, `[users.greeter]`,
`[users.sddm]` defined (lines 22545). All are created by the installer in
`local/sources/installer/src/installer.rs:329-334` and written to `/etc/passwd`,
`/etc/shadow`, `/etc/group` (lines 348-373). UID/GID conflicts: `[users.messagebus]` uses
uid=100 / gid=100 (line 23-24), and `[users.sddm]` uses uid=102 / gid=102 (line 540-541).
No conflict; this is correct.
- **Groups:** `[groups.greeter]`, `[groups.sddm]`, `[groups.sudo]`, `[groups.user]`,
`[groups.messagebus]` (lines 547-565). No issues, but `[groups.user]` declares
`members = ["user"]` (line 560) — note that `[users.user]` is the canonical user record,
and the group here is identical to the user's primary group. Redundant but harmless.
- **Files (`[[files]]`):** 32 entries (counted). Eighteen of them are at `/etc/init.d/`
(paths to override the base recipe's `/usr/lib/init.d/` versions — correct per the
build-system-hardening-plan). All override paths are at `/etc/init.d/`, none are at
`/usr/lib/init.d/`, so the `make lint-config` rule will pass.
- **Includes chain depth:** 4 (redbear-full → redbear-mini → minimal → base). No circular
references — verified by walking the includes manually.
#### `redbear-mini.toml` (550 lines)
- **Includes:** `minimal.toml`, `redbear-legacy-base.toml`, `redbear-netctl.toml`,
`redbear-device-services.toml`, `redbear-boot-stages.toml` (line 12). Plus the same
base dep chain as redbear-full.
- **Packages:** Includes all redbear-* system packages. 29 of them. No missing recipes.
- **Init.d files:** 13 entries. `13_seatd.service` is a no-op echo (line 388-397) — this
is intentional for the text-only target. `13_redbear-sessiond.service`,
`13_iommu.service`, `13_redbear-keymapd.service` etc. mirror the redbear-full chain.
- **Boot stages:** Inherits from `redbear-boot-stages.toml` which defines the
00/02/04/06/08 target chain (lines 19-109 of redbear-boot-stages.toml). All target
names match the redbear-full consumers (verified by grep on the chain).
#### `redbear-grub.toml` (16 lines)
- **Includes:** `redbear-mini.toml` and `redbear-grub-policy.toml` (line 9).
- **Override:** `bootloader = "grub"`, `efi_partition_size = 16` (lines 12-13).
- **Packages:** Adds only `grub` (line 16). No conflicts.
- **Risk:** This config does not extend redbear-mini with the desktop packages. It is
a deliberate text-only target. If someone tries to add a desktop package to this
config, they will likely also need to include a fragment with init.d/SDDM wiring.
#### Includes — resolved targets
| Include | Resolved path | Exists | Lines |
|---------|---------------|--------|-------|
| `redbear-mini.toml` | `/home/kellito/Builds/RedBear-OS/config/redbear-mini.toml` | ✓ | 550 |
| `minimal.toml` | `/home/kellito/Builds/RedBear-OS/config/minimal.toml` | ✓ | 56 |
| `base.toml` | `/home/kellito/Builds/RedBear-OS/config/base.toml` | ✓ | 319 |
| `redbear-legacy-base.toml` | `/home/kellito/Builds/RedBear-OS/config/redbear-legacy-base.toml` | ✓ | 49 |
| `redbear-netctl.toml` | `/home/kellito/Builds/RedBear-OS/config/redbear-netctl.toml` | ✓ | 106 |
| `redbear-device-services.toml` | `/home/kellito/Builds/RedBear-OS/config/redbear-device-services.toml` | ✓ | 602 |
| `redbear-boot-stages.toml` | `/home/kellito/Builds/RedBear-OS/config/redbear-boot-stages.toml` | ✓ | 109 |
| `redbear-grub-policy.toml` | `/home/kellito/Builds/RedBear-OS/config/redbear-grub-policy.toml` | ✓ | 9 |
| `redbear-greeter-services.toml` | `/home/kellito/Builds/RedBear-OS/config/redbear-greeter-services.toml` | ✓ (deprecated) | 129 |
No circular references detected. The `redbear-greeter-services.toml` file is correctly
marked as deprecated in its own header (lines 1-6); it is no longer included in any
active config.
#### Service list consistency
Services declared in `redbear-full.toml` and their binary presence (verified by recipe
existence + staged binary check):
| Service file (config) | Recipe | Binary built by recipe | Notes |
|-----------------------|--------|------------------------|-------|
| `/etc/init.d/00_firmware-loader.service` | `recipes/system/firmware-loader``local/recipes/system/firmware-loader` | `/usr/bin/firmware-loader` | OK |
| `/etc/init.d/05_boot-essential.target` | n/a (target only) | n/a | OK |
| `/etc/init.d/10_redox-drm.service` | `recipes/gpu/redox-drm``local/recipes/gpu/redox-drm` | `/usr/bin/redox-drm` | OK |
| `/etc/init.d/12_dbus.service` | `recipes/system/dbus``local/recipes/system/dbus` | `/usr/bin/dbus-daemon` | OK |
| `/etc/init.d/13_iommu.service` | `recipes/system/iommu``local/recipes/system/iommu` | `/usr/bin/iommu` | OK |
| `/etc/init.d/13_redbear-sessiond.service` | `recipes/system/redbear-sessiond``local/recipes/system/redbear-sessiond` | `/usr/bin/redbear-sessiond` | OK |
| `/etc/init.d/13_seatd.service` | `recipes/system/seatd``local/recipes/system/seatd` | `/usr/bin/seatd` | OK |
| `/etc/init.d/13_redbear-keymapd.service` | `recipes/system/redbear-keymapd``local/recipes/system/redbear-keymapd` | `/usr/bin/redbear-keymapd` | OK |
| `/etc/init.d/13_redbear-ime.service` | `recipes/system/redbear-ime``local/recipes/system/redbear-ime` | `redbear-ime` | OK |
| `/etc/init.d/13_redbear-accessibility.service` | `recipes/system/redbear-accessibility``local/recipes/system/redbear-accessibility` | `redbear-accessibility` | OK |
| `/etc/init.d/14_redbear-upower.service` | `recipes/system/redbear-upower``local/recipes/system/redbear-upower` | `redbear-upower` | OK |
| `/etc/init.d/14_redbear-udisks.service` | `recipes/system/redbear-udisks``local/recipes/system/redbear-udisks` | `redbear-udisks` | OK |
| `/etc/init.d/14_redbear-polkit.service` | `recipes/system/redbear-polkit``local/recipes/system/redbear-polkit` | `redbear-polkit` | OK |
| `/etc/init.d/11_redbear-authd.service` | `recipes/system/redbear-authd``local/recipes/system/redbear-authd` | `/usr/bin/redbear-authd` | OK |
| `/etc/init.d/12_sddm.service` | `recipes/kde/sddm``local/recipes/kde/sddm` | `/usr/bin/sddm` | OK |
| `/etc/init.d/30_console.service` | `recipes/core/coreutils`/etc. | `getty`, `sh` | OK |
| `/etc/init.d/31_debug_console.service` | `recipes/core/coreutils`/etc. | `getty` | OK |
#### User/group list consistency
| User | UID | GID | Home | Shell | Created by installer |
|------|-----|-----|------|-------|---------------------|
| root | 0 | 0 | (default) | `/usr/bin/zsh` | yes (installer.rs:329) |
| user | 1000 | 1000 | `/home/user` | `/usr/bin/zsh` | yes |
| messagebus | 100 | 100 | `/nonexistent` | `/usr/bin/false` | yes |
| greeter | 101 | 101 | `/var/lib/sddm` | `/usr/bin/zsh` | yes |
| sddm | 102 | 102 | `/var/lib/sddm` | `/usr/bin/nologin` | yes |
`/home/user` is created by the config file entry at `redbear-full.toml:653-657` (Layer 3
post-install). `sddm` user's home `/var/lib/sddm` is NOT explicitly created in the config —
SDDM's first boot will create it, but it should be pre-created.
**Issue M-1** (medium): `/var/lib/sddm` and `/var/lib/sddm/.config` are not pre-created in
`redbear-full.toml` — SDDM's first-run expects to write config files there.
### 2. Init.d Service Files
#### Services that should be in init.d but aren't
| Service | Why it should exist | Where referenced |
|---------|---------------------|------------------|
| `13_redbear-notifications.service` | The `redbear-full.toml` package list includes `redbear-notifications` (line 81) but no init.d entry starts it. The D-Bus `.service` activation file in `redbear-dbus-services/files/session-services/org.freedesktop.Notifications.service` will be activated by D-Bus when the desktop session starts, but only if a session bus is up. |
| `13_redbear-greeter.service` (or `12_greeter.service`) | The deprecated `redbear-greeter-services.toml` (line 64-82) had a `12_greeter.service` invoking `/usr/bin/redbear-greeterd`. This was inlined into redbear-full.toml at lines 449-467 as `12_sddm.service` — but the chain to the active greeter is by-passed when SDDM is configured. |
| `13_kded6.service` | `kf6-kded6` is a package but no init.d entry starts `kded6` at system level. KDE's session daemons (kglobalacceld, kded6) are typically started by the session manager (ksmserver) when the user logs in. This is the normal design, not a bug. |
#### Service file path correctness
- All 18 service file entries in `redbear-full.toml` use `/etc/init.d/` paths. No service
file is at `/usr/lib/init.d/` in the config (the lint check would catch this).
- The base recipe's `init.d/` directory is staged to `/usr/lib/init.d/` (see
`recipes/core/base/recipe.toml:122-127`: `cp -v "${COOKBOOK_SOURCE}/init.d"/*
"${COOKBOOK_STAGE}/usr/lib/init.d/"`).
- Per `local/sources/base/init/src/main.rs:66` and
`local/sources/base/config/src/lib.rs:31-36`, init reads BOTH directories and
`/etc/init.d/` wins for any filename conflict. So overrides work correctly.
#### Service dependencies declared
The redbear-full chain has 19 service files. Their `requires_weak` graph is:
```
00_base.target (from base/init.d/00_base.target, present in /usr/lib/init.d/)
├── 00_acpid.service (from redbear-device-services.toml:327-336)
├── 00_driver-manager.service (from redbear-device-services.toml:443-455)
│ └── 02_early_hw.target (from redbear-boot-stages.toml:19-27)
│ └── 04_drivers.target (from redbear-boot-stages.toml:42-50)
│ ├── 12_dbus.service (redbear-full.toml:299-313)
│ ├── 06_services.target
│ │ ├── 12_boot-late.target (redbear-mini.toml:317-325)
│ │ │ └── 08_userland.target (redbear-mini.toml:539-549)
│ │ └── 11_redbear-authd.service (redbear-full.toml:433-446)
│ └── 13_redbear-sessiond.service (redbear-full.toml:315-327)
│ └── 13_seatd.service (redbear-full.toml:329-343)
├── 00_firmware-loader.service (redbear-full.toml:244-256)
│ └── 05_boot-essential.target
└── 10_redox-drm.service (redbear-full.toml:283-297)
└── 12_sddm.service (redbear-full.toml:448-467)
```
**Issue H-1** (high): `10_redox-drm.service` (line 290) requires `00_driver-manager.service`,
but its description says "if ! head -c 1 /scheme/drm/card0 >/dev/null 2>&1; then exec
/usr/bin/redox-drm" — this means the service races the driver-manager to register the
DRM scheme. If driver-manager starts redox-drm as a `drivers.d` match (per
`redbear-device-services.toml:218-229`, the 30-graphics.toml override in
`redbear-full.toml:206-226`), the `exec /usr/bin/redox-drm` in init.d will fail with
"scheme already registered" — the current service body handles this with an echo, but
the dependency is misleading.
**Issue H-2** (high): `10_smolnetd.service` (in `redbear-mini.toml:119-131` at
`/etc/init.d/`) requires `00_driver-manager.service`, but the base recipe's
`init.d/10_smolnetd.service` (`/usr/lib/init.d/`) at
`/home/kellito/Builds/RedBear-OS/recipes/core/base/init.d/10_smolnetd.service:6`
requires `00_pcid-spawner.service`. **Two files with the same name in both directories.**
Per `config_for_dirs` precedence, the `/etc/init.d/` wins — good. But the base package
staging DOES place `00_pcid-spawner.service` and `10_smolnetd.service` (the base
version) into `/usr/lib/init.d/`. After install, init sees:
- `/usr/lib/init.d/00_pcid-spawner.service` (no override exists, will run)
- `/etc/init.d/00_driver-manager.service` (will run)
- `/usr/lib/init.d/10_smolnetd.service` (overridden by redbear-mini in /etc/init.d/)
- `/etc/init.d/10_smolnetd.service` (wins, uses driver-manager)
The `00_pcid-spawner.service` will start `pcid-spawner` (a binary that exists in
`/usr/bin/pcid-spawner`). The redbear-OS design replaces this with `driver-manager`, but
the base recipe still installs the pcid-spawner binary and service file. Both run in
parallel — driver-manager will not collide with pcid-spawner because the base
`pcid-spawner` and the new `driver-manager` both want PCI bus access. **Likely runtime
conflict on the PCI scheme.**
**Issue H-3** (high): `10_dhcpd.service` (`redbear-mini.toml:133-146`) is wired to
`/etc/init.d/10_dhcpd.service` and requires `10_smolnetd.service`. The base recipe's
`init.d/10_dhcpd.service` at
`/home/kellito/Builds/RedBear-OS/recipes/core/base/init.d/10_dhcpd.service` is at
`/usr/lib/init.d/`. Both exist; the `/etc/init.d/` wins. OK.
**Issue M-2** (medium): `12_sddm.service` (redbear-full.toml:448-467) requires both
`13_seatd.service` AND `11_redbear-authd.service` AND `13_redbear-sessiond.service`. The
dependency graph is sound, but SDDM activates the user session via PAM, not via init
services, so the `KWIN_DRM_DEVICES` env var set in the init.d block (line 444) is only
present in SDDM's environment, not the user session.
**Issue M-3** (medium): `13_redbear-keymapd.service`, `13_redbear-ime.service`,
`13_redbear-accessibility.service` all require `10_evdevd.service` (lines 354, 368, 382).
evdevd is started in `redbear-mini.toml:343-355`. The chain works only if evdevd is up
before the keymap/IME/accessibility daemons start. No `default_dependencies = false` is
set, so default ordering applies. OK.
**Issue L-1** (low): The `99_kwin_test.service` (redbear-full.toml:516-529) is a debug
service that runs KWin directly with `LIBSEAT_BACKEND=seatd` and various debug env vars.
Its presence in the production config is a smell — this is a developer debugging tool,
not a service.
**Issue L-2** (low): The `99_diag_serial.service` (redbear-full.toml:499-514) writes a
serial marker. Useful for diagnostic, not a service. The `CI=1 make all` documentation
in the AGENTS.md does not mention how to disable this for production.
#### Services that start but their dependencies haven't
| Service | Required by | Status |
|---------|------------|--------|
| `redox-drm` (via `10_redox-drm.service` or `drivers.d/30-graphics.toml`) | KWin, SDDM | Detected via `head -c 1 /scheme/drm/card0` — if absent, service exits cleanly. OK. |
| `pcid-spawner` (base `/usr/lib/init.d/00_pcid-spawner.service`) | base `10_smolnetd.service` | **Both `pcid-spawner` AND `driver-manager` will run.** Whichever registers scheme:pci first wins. The base service is "type = oneshot" — it exits after binding. driver-manager is "type = oneshot_async" — it stays running. **No collision on the scheme registration, but redundant PCI enumeration.** |
| `00_pcid-spawner.service` is deprecated by the redbear config. The override does not include `/etc/init.d/00_pcid-spawner.service` — so pcid-spawner still runs from `/usr/lib/init.d/`. |
### 3. Recipe Integration
#### Recipes in `redbear-full.toml` that don't exist
| Package | Line | Issue | Status |
|---------|------|-------|--------|
| `libxkbcommon` | 78 | No recipe outside `recipes/wip/libs/other/libxkbcommon/` | **MISSING — REQUIRED for KWin and SDDM** |
| `xkeyboard-config` | 79 | No recipe outside `recipes/wip/x11/xkeyboard-config/` | **MISSING — REQUIRED for SDDM `XKB_CONFIG_ROOT=/usr/share/X11/xkb`** |
#### Recipes with unresolvable dependencies
| Recipe | Declared dep | Issue |
|--------|--------------|-------|
| `local/recipes/kde/sddm/recipe.toml:11-28` | `kf6-extra-cmake-modules`, `kf6-kwindowsystem`, `kf6-ki18n`, etc. | All present in `local/recipes/kde/`. OK. |
| `local/recipes/kde/kwin/recipe.toml:8-53` | `qt5compat` (line 12) | **No `qt5compat` recipe in `recipes/qt/` or `local/recipes/qt/`.** KWin build will fail at the qt5compat dependency check. |
| `local/recipes/kde/kwin/recipe.toml:9-10` | `qtbase`, `qtdeclarative` | OK. |
| `local/recipes/kde/kwin/recipe.toml:34` | `kf6-kdeclarative` | OK (in redbear-full.toml line 113). |
| `local/recipes/system/redbear-sessiond/recipe.toml:3` | `patches = ["../../../../local/patches/redbear-sessiond/P4-signal-implementations.patch"]` | **The `local/patches/` directory is historical-only per AGENTS.md (Build System Safety).** The patch must be applied as a git commit in `local/sources/redbear-sessiond/` or removed in favor of a direct edit. |
| `local/recipes/system/redbear-meta/recipe.toml:51-64` | `redbear-release`, `redox-driver-sys`, `linux-kpi`, `redbear-iwlwifi`, `redbear-firmware`, `redox-drm`, `amdgpu`, `firmware-loader`, `redbear-wifictl`, `evdevd`, `udev-shim` | The recipe says `path = "source"` but the `source/` directory under `local/recipes/system/redbear-meta/` contains only `.gitkeep` — this is a meta-package with no source. The `dependencies` field is cookbook-level. OK as long as those packages are also in the package list of the consuming config (they are). |
| `local/recipes/system/redbear-firmware/recipe.toml:8-43` | wget linux-firmware at build time | This is a build-time fetch. Per AGENTS.md, "fetch-firmware.sh" is a manual-only script. Embedding `wget` in the recipe is a **silent upstream pull during build** and a **policy violation**. |
#### Recipes with version mismatches
| Recipe | Version | Source state |
|--------|---------|--------------|
| `local/recipes/kde/sddm/recipe.toml:5-7` | `sddm.git` `rev = "bc9eee8280275723767213220e88f6b14157ba1f"` | Pinned. OK. |
| `local/recipes/kde/kwin/recipe.toml:2-4` | `kwin-v6.3.4.tar.gz` `blake3 = "2aa1e234..."` | Pinned. OK. |
| `local/recipes/system/dbus/recipe.toml:2-4` | `dbus-1.16.2.tar.xz` | Pinned. OK. |
| `local/recipes/system/seatd/recipe.toml:1-3` | `seatd-0.9.1.tar.gz` | Pinned. OK. |
| `local/recipes/wayland/libwayland/recipe.toml:4-5` | `wayland-1.24.0.tar.xz` | Pinned. OK. |
| `local/recipes/kde/kglobalacceld/recipe.toml:1-2` | `kglobalacceld-v6.0.0.tar.gz` | Pinned. OK. |
| `local/recipes/kde/kf6-kded6/recipe.toml:1-2` | `kded-v6.10.0.tar.gz` | Pinned. OK. |
| `local/recipes/kde/sddm/recipe.toml:6-7` | `rev = "bc9eee8280275723767213220e88f6b14157ba1f"` | Pinned. OK. |
No version mismatches detected (all are pinned tarballs or git revisions with a
`blake3`/`rev` field).
#### Recipes with unsupported build templates
All recipes use `cargo`, `meson`, `cmake`, `make`, `configure`, or `custom` templates.
The `custom` template is the most common for the local KDE/Qt recipes. **All supported by
the cookbook.**
#### Recipes that don't exist in the cookbook include path
`libxkbcommon` and `xkeyboard-config` (per Section 3 above) are the only missing recipes.
Other notable observations:
- `relibc-phase1-tests` is referenced as `relibc-phase1-tests = {}` in
`redbear-full.toml:164`. The recipe exists at
`local/recipes/tests/relibc-phase1-tests/recipe.toml` and is symlinked to
`recipes/tests/relibc-phase1-tests`. **The cookbook looks up recipes by name across
all categories**, so this resolves correctly. Verified by `find` — symlink chain
intact.
#### Recipe scripts that are policy violations
- **`local/recipes/system/redbear-firmware/recipe.toml:8-43`** — embedded `wget` against
`https://gitlab.com/kernel-firmware/linux-firmware/-/archive/main/linux-firmware-main.tar.gz`.
This is a **silent upstream pull at build time** and contradicts the project's
no-silent-upstream-pulls policy. Per the project policy, firmware should be fetched via
`local/scripts/fetch-firmware.sh` (manual-only) and committed to `local/firmware/`.
- **`local/recipes/kde/kwin/recipe.toml:79-95`** — the build script uses `sed` to
rewrite `CMakeLists.txt` files to comment out or relax required dependencies
(`Canberra`, `UiTools`, `killer helper`). The script also defines a `SUN_LEN` macro
via inline shell append and adds `F_ADD_SEALS` defines to relibc's `fcntl.h`. These
are **stub-avoidance patches applied at build time** — they bypass real dependency
resolution. The AGENTS.md "Zero tolerance for stubs" policy says stubs are not
allowed, but the same policy says "implement the missing functionality" rather
than disable features. **KWin disables 11 of 12 features in the cmake configure
step (lines 154-165).** The result is a real KWin binary but with most features
disabled — not a stub, but a degraded build.
- **`local/recipes/kde/sddm/recipe.toml:48-71`** — the build script uses `sed` to
remove required find_package calls (`XCB`, `XKB`, `LIBXAU`) and removes `XAuth.cpp`
from the build. This is functional (SDDM ships without X11) but it relies on
`remove-x11user-helper.py` and `wayland-patch.sh` to keep the build from failing.
Acceptable for a Wayland-only build, but couples the recipe tightly to upstream
SDDM's code layout.
### 4. Installer File Layering
#### Layer order in `install_dir`
Per `local/sources/installer/src/installer.rs:230-270`:
```
Layer 1: config [[files]] with !postinstall (pre-install, e.g. /etc/skel)
Layer 2: package staging (cookbook repo apply)
Layer 3: config [[files]] with postinstall = true (post-install)
Layer 4: user/group creation (passwd, shadow, group)
```
The collision tracker at `local/sources/installer/src/collision.rs:132-171` detects
when package staging overwrites a Layer 1 file with different content. Init-service
collisions are always errors; other collisions warn by default.
#### Silent overwrites (Layer 2 overwrites Layer 1)
| Config Layer 1 path | Package | Layer 2 file | Action |
|---------------------|---------|--------------|--------|
| `/etc/init.d/00_base.service` (redbear-legacy-base.toml:14) | base | `/usr/lib/init.d/00_base.service` (not the same path) | OK — different paths, both readable by init |
| `/etc/init.d/12_dbus.service` (redbear-full.toml:300, redbear-mini.toml:373) | base | `/usr/lib/init.d/12_dbus.service` | OK — different paths |
| `/etc/init.d/13_seatd.service` (redbear-full.toml:330, redbear-mini.toml:388) | base | `/usr/lib/init.d/13_seatd.service` | OK — different paths |
| `/etc/init.d/10_smolnetd.service` (redbear-mini.toml:120) | base | `/usr/lib/init.d/10_smolnetd.service` | OK — different paths |
| `/etc/init.d/10_dhcpd.service` (redbear-mini.toml:134) | base | `/usr/lib/init.d/10_dhcpd.service` | OK — different paths |
| `/etc/init.d/30_console.service` (redbear-full.toml:470, redbear-mini.toml:512) | base | `/usr/lib/init.d/30_console.service` | OK — different paths |
| `/etc/init.d/31_debug_console.service` (redbear-full.toml:485, redbear-mini.toml:526) | base | `/usr/lib/init.d/31_debug_console.service` | OK — different paths |
| `/etc/init.d/29_activate_console.service` (redbear-mini.toml:497) | base | `/usr/lib/init.d/29_activate_console.service` | OK — different paths |
| `/etc/init.d/20_audiod.service` (redbear-legacy-base.toml:25-35) | base | `/usr/lib/init.d/20_audiod.service` | OK — different paths |
**All init.d overrides are at `/etc/init.d/` and the base recipe stages at
`/usr/lib/init.d/`.** The init system reads both directories and `/etc/init.d/`
takes precedence (per `local/sources/base/config/src/lib.rs:31-36`). No silent
overwrites for init services.
However, the **base services still load from `/usr/lib/init.d/`** because both
directories are read. This is by design but causes the dual-pcid-spawner/driver-manager
issue (Section 2, Issue H-2).
#### Init service collisions
None. The `CollisionTracker::is_init_service_path` (collision.rs:73-77) returns true
for any path containing `/init.d/` with `.service` or `.target` extension. Since the
config paths are `/etc/init.d/` and package paths are `/usr/lib/init.d/`, no path
collision occurs (different prefixes).
#### Recommendations
1. **Remove the base `/usr/lib/init.d/00_pcid-spawner.service` and `10_smolnetd.service`
from being staged.** Since the redbear configs override both with
`00_driver-manager.service` and `10_smolnetd.service` (driver-manager dep), the
base versions are dead code that wastes init cycles and risks PCI scheme
double-registration. This requires either editing the base recipe's `recipe.toml`
to remove those two paths from the `installs` list (lines 39-77), or adding
`/etc/init.d/00_pcid-spawner.service` as a no-op echo (overrides the base version
with an inert service).
2. **Same recommendation for `13_seatd.service`** in redbear-mini — the no-op echo at
`redbear-mini.toml:388-397` correctly overrides, but the base staged service still
loads first per init.d scan order — actually no, per the comment in collision.rs,
`/etc/init.d/` wins because it's listed second in `init/src/main.rs:66`. Verified.
3. **Convert all base `/usr/lib/init.d/` to `/etc/init.d/` no-op overrides** for
redbear-full. Less confusing, smaller collision surface.
### 5. Mounts and Directories
#### Sysroot mount
The installer reads the config and stages all files into a single output directory,
then assembles it into a redoxfs or ext4 image. There is no runtime mount — the
initrd/initfs loads the rootfs and switches to it via `init` (`local/sources/base/init/src/main.rs:51-66`).
- Initfs is staged at `/scheme/initfs/` (the `prefix` argument to `switch_root`).
- Rootfs is at `/scheme/redox/` (mounted by `redoxfs` started by
`local/sources/base/init.initfs.d/50_rootfs.service`).
- After switchroot, init reads from `/usr/lib/init.d/` and `/etc/init.d/`.
#### /etc/passwd, /etc/shadow, /etc/group generation
Per `local/sources/installer/src/installer.rs:329-373`:
- Users are formatted as `username;uid;gid;name;home;shell\n` and written to
`/etc/passwd` (no mode set, defaults to whatever the FS defaults are).
- Shadow entries are `username;password_hash\n` to `/etc/shadow` with `mode = 0o0600`.
- Group entries are `name;x;gid;members\n` to `/etc/group` with `mode = 0o0600`.
**Issue M-4** (medium): `/etc/passwd` is created with default file mode (typically
`0o644`), not `0o0644`. While `shadow` and `group` are restricted, `passwd` is
world-readable by default. Acceptable on Redox (no multi-user), but standard practice
is `0o0644`.
**Issue M-5** (medium): The `prepare_user_home` function (installer.rs:378-425) only
runs for users with `uid >= 1000`. The `greeter` and `sddm` users (uid 101, 102) will
NOT get their home directory created. SDDM expects `/var/lib/sddm` to exist before it
starts. Currently relies on SDDM's first-boot behavior, but this is fragile.
**Issue M-6** (medium): `[users.greeter]` has `home = "/var/lib/sddm"` and
`[users.sddm]` has `home = "/var/lib/sddm"` — two different users pointing to the
same home directory. The greeter user's home is `/var/lib/sddm` but the greeter user
runs as `greeter:greeter` (uid 101, gid 101), while `sddm` user owns the directory
(uid 102, gid 102). Permission conflict likely.
#### /var/log permissions
- Base config `config/base.toml:246-251`: `/var/log` `mode = 0o755`.
- Override `config/redbear-legacy-base.toml:40-44`: `/var/log` `mode = 0o1777` (sticky
bit, world-writable). This is correct for a multi-user system where logd runs as
root but other daemons may need to write to it.
- `redbear-full.toml` does not override this, so redbear-legacy-base's `0o1777` is
inherited. OK.
#### /var/run permissions
- Base config `config/base.toml:252-256`: `/var/run` `mode = 0o755`.
- Override `config/redbear-legacy-base.toml:46-50`: `/var/run` `mode = 0o1777`.
- Same pattern as `/var/log`. OK.
#### /run/dbus and /var/lib/dbus
- `redbear-mini.toml:471-481` creates `/var/lib/dbus` and `/run/dbus` with
`mode = 0o755`. These are needed for D-Bus to write its machine-id and socket.
- `redbear-full.toml` does NOT redeclare these — relies on redbear-mini inheritance.
OK.
#### /var/lib/sddm
**Not pre-created** by any config. The `sddm` user and `greeter` user expect to write
to `/var/lib/sddm` (greeter's home). SDDM's first-boot must create this.
**Issue H-4** (high): The redbear-greeter script in
`local/recipes/system/redbear-greeter/source/` installs to `/usr/share/redbear/greeter/`,
not `/var/lib/sddm/`. SDDM's first run will create `/var/lib/sddm/.config/sddm.conf.d/`,
but the redbear-greeter assets (background, icon) live elsewhere. SDDM will need a
custom theme installed to `/usr/share/sddm/themes/` (or similar).
### 6. D-Bus Configuration
#### /etc/dbus-1/system.conf and session.conf
These are NOT installed by any of the redbear configs. D-Bus is built from
`local/recipes/system/dbus/recipe.toml` (1.16.2 with the `redox.patch`). The meson
build installs default config to `/etc/dbus-1/system.conf` and
`/etc/dbus-1/session.conf` as part of the meson install step.
**Issue M-7** (medium): `redbear-full.toml:300-313` invokes `dbus-daemon --system
--nopidfile` but the default `system.conf` is installed by the dbus package itself.
There's no `redbear-` override for `/etc/dbus-1/system.conf` in any config. The
package-staged version wins. The default dbus config points at the system bus socket
`/run/dbus/system_bus_socket` and `/var/run/dbus/system_bus_socket` — Redox uses
`/run/dbus/system_bus_socket` (the env var is set in `redbear-full.toml:647-651`).
#### /usr/share/dbus-1/system-services/
Installed by the `redbear-dbus-services` package at
`local/recipes/system/redbear-dbus-services/recipe.toml:5-16`:
- `org.freedesktop.login1.service``/usr/bin/redbear-sessiond` (line 1 of file)
- `org.freedesktop.UPower.service``/usr/bin/redbear-upower`
- `org.freedesktop.PolicyKit1.service``/usr/bin/redbear-polkit`
- `org.freedesktop.UDisks2.service``/usr/bin/redbear-udisks`
#### /usr/share/dbus-1/session-services/
Installed by the same recipe:
- `org.kde.kded6.service``/usr/bin/kded6` (note the TODO comment — kded6 is not
built; the binary is staged by `kf6-kded6` recipe)
- `org.kde.kglobalaccel.service``/usr/bin/kglobalaccel`
- `org.kde.JobViewServer.service` → not present in `local/recipes/system/redbear-dbus-services/files/session-services/`
- `org.kde.ksmserver.service` → not present
- `org.kde.ActivityManager.service` → not present
- `org.freedesktop.Notifications.service``/usr/bin/redbear-notifications`
- `org.freedesktop.StatusNotifierWatcher.service``/usr/bin/redbear-statusnotifierwatcher`
**Issue M-8** (medium): 3 of the 7 expected session service files are missing
(`JobViewServer`, `ksmserver`, `ActivityManager`). The KDE session depends on
`org.kde.ksmserver.service` for session management. Without it, KWin can start but
the KDE session cannot.
#### /etc/dbus-1/system.d/
Installed by `redbear-dbus-services`:
- `org.freedesktop.PolicyKit1.conf`
- `org.freedesktop.UDisks2.conf`
- `org.freedesktop.login1.conf` (allows root + introspectable/properties/Manager/Session/Seat)
- `org.freedesktop.UPower.conf`
These are the policy files that allow users to talk to the system bus services. The
D-Bus activation will refuse connections to these names without these files.
### 7. Boot Logs and Crash Recovery
#### logd configuration
`logd` runs in initfs (`local/sources/base/init.initfs.d/00_logd.service`). It serves
`/scheme/log` — every daemon's stdout/stderr is mirrored to it. Logs are buffered in
memory and written to `/scheme/log` (a virtual scheme that the kernel can read).
**Issue H-5** (high): The base `initfs` is loaded into ramfs. Logs from initfs
daemons are lost when initfs unmounts (during `switch_root`). The `redox-logd` is a
ring buffer in `/scheme/log`; when the system transitions to rootfs, the logd
instance is re-started (per `local/sources/base/init/src/main.rs:128-129`: "Start
logd first such that we can pass /scheme/log as stdio to all other services"). The
new logd starts fresh. **Logs from initfs boot are not preserved to rootfs.**
This is by design (initfs is small) but the `99_diag_serial.service` (line 499-514) is
the workaround — it echoes a "BOOT_COMPLETE_SERIAL_MARKER" after `30_console.service`
and `31_debug_console.service` start. Useful for QEMU with `-serial stdio`, but not
on bare metal without serial.
#### Console output during boot
- `20_vesad.service` (in initfs) — boots a VESA framebuffer for early text.
- `20_fbcond.service` (initfs) — sets up the framebuffer console.
- `30_console.service` (rootfs) — runs `getty 2` on VT2.
- `31_debug_console.service` (rootfs) — runs `getty` on the debug scheme.
The chain works, but `30_console.service` (rootfs, redbear-full.toml:469-482) runs
`sh -c "sleep 0.2; exec getty 2"`. The 0.2-second sleep is a magic number — likely to
let the previous init services settle.
#### Crash recovery
- No `/etc/issue` or `/etc/motd` defined in `redbear-full.toml` (those are in
`redbear-mini.toml:148-176`, postinstall).
- No `core_pattern` is set. The kernel's `redoxfs` does not have a core dump facility
(per the kernel fork in `local/sources/kernel/`).
- `redbear-crash-recovery` does not exist as a recipe.
**Issue M-9** (medium): No crash recovery infrastructure. KWin crashing means the
user sees a black screen with no log path. The `99_kwin_test.service` is the only
diagnostic surface, and it requires manual inspection of the serial output.
### 8. Quirk Files
#### TOML quirk files installed
`redbear-quirks` recipe at `local/recipes/system/redbear-quirks/recipe.toml:1-15`
copies `*.toml` from `quirks.d/` to `${COOKBOOK_STAGE}/etc/quirks.d/`. 30 TOML files
are present (per `find` output, 30 files in `quirks.d/`). The recipe's glob
(`"${COOKBOOK_SOURCE}/quirks.d/"*.toml`) catches all of them.
**Issue L-3** (low): The `redbear-quirks` recipe does NOT have a `[package.files]`
section declaring the install path. The build script does `cp` to `${COOKBOOK_STAGE}/etc/quirks.d/`
which puts them in the sysroot. The recipe does not declare any
`installs = [...]` entries, so `validate-file-ownership.sh` won't see the
declarations. Per the AGENTS.md note: "No recipes declare installs yet."
#### Default quirk set
The 30 TOML files in `local/recipes/system/redbear-quirks/source/quirks.d/` cover:
- `00-core.toml` — base quirks
- `05-pcie-quirks.toml`, `06-pci-header-quirks.toml`, `07-pci-final-quirks.toml` — PCIe/PCI
- `10-gpu.toml` — GPU quirks
- `15-audio.toml` — audio
- `20-usb.toml`, `25-xhci.toml` — USB
- `30-net.toml`, `30-storage.toml` — networking, storage
- `35-clocksource.toml`, `35-storage-extended.toml` — clocksource, storage
- `40-hid.toml`, `40-storage.toml` — input, storage
- `45-acpi-osi.toml`, `46-acpi-sleep.toml`, `47-acpi-button.toml`, `48-acpi-battery.toml` — ACPI
- `50-drm-panel.toml`, `50-system.toml` — DRM panel
- `55-chipset-early.toml`, `55-network.toml` — chipset, network
- `60-i2c-hid.toml`, `60-usb-audio.toml` — I2C HID, USB audio
- `65-iommu-amd.toml` — AMD IOMMU
- `70-ucsi.toml` — UCSI (USB-C)
- `80-platform-x86.toml` — platform x86
- `90-cpu-bugs.toml` — CPU bugs
- `95-mtrr-deferred.toml`, `99-bootparams-deferred.toml` — MTRR, boot params
These are loaded by `redox-driver-sys` (per the `redox-driver-sys` recipe's source
`src/quirks/`). No init.d service is required — the driver infrastructure reads them
at driver load time.
#### Loading at startup
Quirks are loaded by the driver daemons, not by init. No init.d entry is needed.
**OK**.
## Cross-Cutting Issues
### Service Order for KDE Wayland Login
For Wayland/SDDM/KDE to work, services must start in this order:
```
Phase 1 (initfs):
00_logd.service ← base/init.initfs.d
00_clock.service ← base/init.initfs.d
00_zerod.service ← base/init.initfs.d
00_nulld.service ← base/init.initfs.d
00_randd.service ← base/init.initfs.d
10_inputd.service ← base/init.initfs.d
10_lived.service ← base/init.initfs.d
20_vesad.service ← base/init.initfs.d
20_fbcond.service ← base/init.initfs.d
20_fbbootlogd.service ← base/init.initfs.d
20_graphics.target ← base/init.initfs.d
30_acpid.service ← base/init.initfs.d
40_ps2d.service ← base/init.initfs.d
40_bcm2835-sdhcid.service ← base/init.initfs.d (only on aarch64 raspi3b)
40_hwd.service ← base/init.initfs.d
40_pcid-spawner-initfs.service ← base/init.initfs.d
40_drivers.target ← base/init.initfs.d
50_rootfs.service ← base/init.initfs.d
90_initfs.target ← base/init.initfs.d
Phase 2 (rootfs):
00_base.service ← redbear-legacy-base.toml (Layer 1 pre-install)
00_base.target ← base/init.d (already started)
00_ipcd.service ← base/init.d
00_ptyd.service ← base/init.d
00_acpid.service ← redbear-device-services.toml
00_sudo.service ← base/init.d
00_rtcd.service ← redbear-device-services.toml
00_driver-manager.service ← redbear-device-services.toml
02_early_hw.target ← redbear-boot-stages.toml
04_drivers.target ← redbear-boot-stages.toml
00_firmware-loader.service ← redbear-full.toml (early)
00_gpiod.service ← redbear-mini.toml
00_i2cd.service ← redbear-mini.toml
00_ucsid.service ← redbear-mini.toml
02_serial_early_hw.service ← redbear-boot-stages.toml (serial marker)
04_serial_drivers.service ← redbear-boot-stages.toml
05_boot-essential.target ← redbear-full.toml
10_evdevd.service ← redbear-mini.toml
10_redox-drm.service ← redbear-full.toml
10_smolnetd.service ← redbear-mini.toml (driver-manager dep)
10_dhcpd.service ← redbear-mini.toml
10_ps2d.service ← redbear-device-services.toml
10_i2c-hidd.service ← redbear-device-services.toml
11_udev.service ← redbear-mini.toml
11_wifictl.service ← redbear-mini.toml
11_redbear-authd.service ← redbear-full.toml
12_boot-late.target ← redbear-mini.toml
12_dbus.service ← redbear-full.toml
12_sddm.service ← redbear-full.toml (depends on drm, evdevd, dbus, sessiond, seatd, authd)
13_seatd.service ← redbear-full.toml
13_redbear-sessiond.service ← redbear-full.toml
13_iommu.service ← redbear-full.toml
13_redbear-keymapd.service ← redbear-full.toml
13_redbear-ime.service ← redbear-full.toml
13_redbear-accessibility.service ← redbear-full.toml
14_redbear-upower.service ← redbear-full.toml
14_redbear-udisks.service ← redbear-full.toml
14_redbear-polkit.service ← redbear-full.toml
06_services.target ← redbear-boot-stages.toml
06_serial_services.service ← redbear-boot-stages.toml
08_userland.target ← redbear-mini.toml
08_serial_userland.service ← redbear-boot-stages.toml
20_audiod.service ← redbear-legacy-base.toml
29_activate_console.service ← redbear-mini.toml
30_console.service ← redbear-full.toml
31_debug_console.service ← redbear-full.toml
99_diag_serial.service ← redbear-full.toml
99_kwin_test.service ← redbear-full.toml (DEBUG ONLY)
```
For each step in the SDDM-activating chain:
1. logd ✓ (in initfs)
2. pcid/driver-manager ✓ (Phase 2, rootfs)
3. D-Bus system bus ✓ (Phase 2)
4. seatd ✓ (Phase 2)
5. redbear-sessiond ✓ (Phase 2)
6. redbear-authd ✓ (Phase 2)
7. evdevd, redox-drm, dbus, sessiond, seatd, authd all up ✓
8. SDDM (12_sddm.service) ✓ — requires 13_seatd and 11_redbear-authd
9. SDDM activates KDE via the user session
**The chain is structurally correct.** All service files exist; all binaries are built
by their recipes. The risk is:
- `redox-drm` failing to register `scheme:drm/card0` because `driver-manager` started
it first (per the `lib/drivers.d/30-graphics.toml` rule in
`redbear-device-services.toml:218-229`).
- KWin failing to find XKB data because `libxkbcommon` and `xkeyboard-config` are
not in the build.
- SDDM failing to find PAM modules because `pam-redbear` may not be in the build
(verify: not referenced in redbear-full.toml).
- D-Bus activation failing for `org.kde.ksmserver.service` (file is missing per
Section 6).
### Initfs vs Rootfs
**What runs in initfs (per `local/sources/base/init.initfs.d/`):**
- 00_clock, 00_logd, 00_nulld, 00_randd, 00_zerod — system scheme daemons
- 10_inputd, 10_lived — input daemon, lived (storage)
- 20_vesad, 20_fbcond, 20_fbbootlogd — framebuffer + early console
- 30_acpid — ACPI daemon
- 40_bcm2835-sdhcid, 40_ps2d, 40_hwd — hardware detection
- 40_pcid-spawner-initfs — PCI bus enumeration (initfs phase)
- 50_rootfs — mounts rootfs
- 90_initfs.target — final initfs target
**What runs in rootfs:**
- All services in `/etc/init.d/` and `/usr/lib/init.d/`.
**Where the handoff happens:**
- `50_rootfs.service` (initfs) runs `redoxfs` to mount the root filesystem.
- After rootfs is mounted, init switches to root (`switch_root` in
`local/sources/base/init/src/main.rs:51-66`).
- The initfs becomes a memory-backed ramfs at `/scheme/initfs/`.
**Is the handoff clean?**
- The ramfs at `/scheme/initfs/` is mounted on the same root path, so logd can still
write to `/scheme/log` after switchroot.
- The init process is the same binary; it just changes its prefix.
- All initfs services are NOT restarted — only rootfs services load.
**Issue M-10** (medium): The initfs runs `pcid-spawner` (initfs variant) to bind
PCI drivers. The rootfs then runs `00_pcid-spawner.service` (or
`00_driver-manager.service`). The rootfs version re-runs the same PCI enumeration
work. This is a known pattern (per the `P26-driver-manager-initfs-conversion.patch`
in `recipes/core/base/`) but it means PCI devices are bound twice.
## Implementation Roadmap
### Phase 1: Fix Config Issues (12 days)
1. **Add `libxkbcommon` and `xkeyboard-config` recipes.** Move them from
`recipes/wip/` to a new `local/recipes/libs/` path. The wip recipes are already
mostly complete; they need only to be linked from `recipes/libs/libxkbcommon` and
`recipes/libs/xkeyboard-config` and tested in redbear-mini first. (Estimated: 1 day)
2. **Add `[[files]]` entries to redbear-full.toml for `/var/lib/sddm` directory
creation with proper ownership (sddm:sddm, mode 0o755).** (Estimated: 1 hour)
3. **Remove `99_kwin_test.service` from redbear-full.toml** or move it to a
`redbear-debug.toml` fragment included only when `DEBUG=1` is set. (Estimated: 1 hour)
4. **Add `[users.greeter]` home creation** — modify the installer's
`prepare_user_home` or add a config-driven home directory entry. (Estimated: 4 hours)
5. **Fix the `redbear-meta` source** — the recipe is empty (only `.gitkeep`).
Either delete the `path = "source"` line and make it a true meta-package with no
source, or add a README + dependency manifest in `source/`. (Estimated: 2 hours)
### Phase 2: Fix Init Sequence (1 week)
1. **Resolve the dual pcid-spawner / driver-manager issue.**
- Option A: Add a `/etc/init.d/00_pcid-spawner.service` no-op override in
`redbear-device-services.toml` that echoes "pcid-spawner replaced by
driver-manager" instead of starting pcid-spawner.
- Option B: Edit the base recipe to NOT install `00_pcid-spawner.service` to
`/usr/lib/init.d/` when building for redbear targets.
- Recommended: Option B (less runtime confusion, smaller init.d scan).
- (Estimated: 1 day)
2. **Same for `10_smolnetd.service` and `10_dhcpd.service`** — the base versions in
`/usr/lib/init.d/` should not be staged. The redbear-mini `/etc/init.d/` versions
already use `00_driver-manager.service` as the dep. (Estimated: 1 day)
3. **Add init.d entries for the `redbear-notifications` daemon** that
`redbear-full.toml` declares in the package list (line 81). The D-Bus
activation file exists in `redbear-dbus-services/files/session-services/`,
but it needs to be activated after `12_dbus.service` and before any KDE
session starts. (Estimated: 4 hours)
4. **Audit the init.d `11_redbear-authd.service` and `13_redbear-sessiond.service`
ordering** — authd currently depends only on `12_dbus.service`, but it
should also depend on `00_ipcd.service` (PAM and credentials use IPC). The
base `12_dbus.service` already has `requires_weak = ["00_ipcd.service"]`,
so the chain works transitively, but it would be cleaner to be explicit.
(Estimated: 1 hour)
5. **Add a `redbear-validation-session` init.d entry** that runs after
`12_sddm.service` and logs KWin's first output to the serial console.
(Estimated: 4 hours)
6. **Add `00_pci-spawner.service` and `00_pcid-spawner.service` removal in initfs**
— the initfs's `40_pcid-spawner-initfs.service` is fine, but the rootfs
`00_pcid-spawner.service` should not be in the base install for redbear targets.
(Estimated: 4 hours)
### Phase 3: Fix Recipe Integration (12 weeks)
1. **Resolve the KWin `qt5compat` dependency** — add a `qt5compat` recipe (likely
from Qt6's compat module) or remove the dep from kwin's recipe if it's
actually optional. (Estimated: 1 day)
2. **Convert the redbear-firmware recipe** from a `wget`-based build to a manual
fetch script. Either:
- Bundle a small firmware subset (e.g. just amdgpu + i915) in
`local/recipes/system/redbear-firmware/source/`, or
- Use `local/scripts/fetch-firmware.sh` (manual) to populate
`local/firmware/` and have the recipe copy from there.
- Per the AGENTS.md policy, this is a **policy violation** as it stands.
- (Estimated: 2 days)
3. **Move the redbear-sessiond `P4-signal-implementations.patch`** from
`local/patches/` to a direct commit in `local/sources/redbear-sessiond/`. The
AGENTS.md says patches in `local/patches/` are historical only.
(Estimated: 2 hours)
4. **Re-enable KWin's disabled features** in `local/recipes/kde/kwin/recipe.toml`
one at a time, as the underlying dependencies (Canberra, kcms, etc.) are made
available. Currently 11 of 12 features are disabled. The disabled features
include:
- `KWIN_BUILD_KCMS=OFF` — disables System Settings KCMs
- `KWIN_BUILD_SCREENLOCKER=OFF` — disables screen locker
- `KWIN_BUILD_TABBOX=OFF` — disables alt-tab switcher
- `KWIN_BUILD_GLOBALSHORTCUTS=OFF` — disables kglobalacceld integration
- `KWIN_BUILD_RUNNERS=OFF` — disables KRunner
- `KWIN_BUILD_NOTIFICATIONS=OFF` — disables notification popups
- `KWIN_BUILD_ACTIVITIES=OFF` — disables activities
- `KWIN_BUILD_EIS=OFF` — disables input synthesis
- `KWIN_BUILD_AUTO_ROTATION=OFF` — disables tablet auto-rotation
- `KWIN_BUILD_X11=OFF` — X11 backend disabled (correct for Wayland-only)
- `KWIN_BUILD_X11_BACKEND=OFF` — same
(Estimated: 23 weeks, depending on deps)
5. **Add D-Bus session service files** for `org.kde.ksmserver`,
`org.kde.JobViewServer`, `org.kde.ActivityManager`. These are part of KDE
Plasma and require the corresponding binaries (`ksmserver`, `kuiserver`,
`kactivitymanagerd`). (Estimated: 1 day)
6. **Add `pam-redbear` to redbear-full.toml.** Currently the SDDM recipe depends
on it (line 27 of `local/recipes/kde/sddm/recipe.toml`), but the package is
not in the active package list. (Estimated: 30 minutes if the recipe exists,
longer if the recipe needs work.)
## Testing Strategy
For each area, the following tests should be added to `local/scripts/`:
1. **Config validation:**
- Walk all `config/redbear-*.toml` files and confirm every `include` resolves.
- Confirm every package in `[packages]` has a recipe under
`recipes/` or `local/recipes/`.
- Confirm every user in `[users]` has a unique uid.
- Confirm every service file in `[[files]]` at `/etc/init.d/` has a binary that
the recipe installs at the expected path.
- Test: `make lint-config CONFIG_NAME=redbear-full` (already exists).
2. **Init sequence validation:**
- Walk all service files in `/etc/init.d/` and `/usr/lib/init.d/`.
- For each `requires_weak`, confirm the dependency service exists.
- Detect cycles in the dependency graph.
- Detect init services that exist in `/usr/lib/init.d/` (base) but are overridden
by config — print a warning so the conflict is intentional.
- Test: `make validate-init-services CONFIG_NAME=redbear-full` (already exists).
3. **Recipe validation:**
- For each recipe in `redbear-full.toml`, run `repo find <package>` to confirm
the build artifact exists in `repo/`.
- Confirm cascade rebuild works for relibc, base, kernel.
- Test: `make validate-config CONFIG_NAME=redbear-full` (already exists).
4. **D-Bus validation:**
- Boot redbear-full in QEMU, log in as root.
- Run `dbus-send --system --dest=org.freedesktop.DBus --type=method_call
--print-reply /org/freedesktop/DBus org.freedesktop.DBus.ListNames`.
- Confirm `org.freedesktop.login1`, `org.freedesktop.UPower`,
`org.freedesktop.PolicyKit1`, `org.freedesktop.UDisks2` are in the list.
5. **Boot in QEMU:**
- `make qemu CONFIG_NAME=redbear-full`
- Watch serial console for `RB_STAGE_*` markers
(RB_STAGE_02_EARLY_HW, RB_STAGE_04_DRIVERS, RB_STAGE_06_SERVICES,
RB_STAGE_08_USERLAND)
- Confirm `/scheme/drm/card0` is readable after `10_redox-drm.service` runs.
- Confirm `dbus-send --system --print-reply ... ListNames` returns the expected
services.
- Confirm `seatd-cli -l info` works.
- Confirm SDDM greeter appears (if QEMU has a display).
## Risk Assessment
### Impact of shipping as-is
- **redbear-mini:** Will boot to a text console login. Some base services (pcid-spawner,
smolnetd, dhcpd) will load from `/usr/lib/init.d/` with the base config (which uses
`00_pcid-spawner.service` as a dep). The redbear override also loads, so both versions
of smolnetd and dhcpd are started. Likely a no-op (the second one finds the first's
scheme already registered and exits). Some daemons in the base service list are
unnecessary for mini (e.g. `00_ucsid.service` requires USB-C hardware).
- **redbear-full:** Will boot to a text console. SDDM and KWin will fail to start
because `libxkbcommon` and `xkeyboard-config` are missing. Even if those were
added, KWin is built with 11/12 features disabled, so the resulting desktop is
minimal.
- **redbear-grub:** Identical to redbear-mini but with GRUB bootloader. Same risks.
### Minimum to make `redbear-full` boot to text login
- Same as redbear-mini today. Already works (per the project status).
### Minimum to make `redbear-full` boot to Wayland login
Required changes (in order):
1. Add `libxkbcommon` and `xkeyboard-config` recipes (Phase 1, item 1).
2. Add the recipes to the redbear-full package list (lines 78-79 already reference
them; they just need to exist).
3. Ensure `pam-redbear` is in the package list (currently not in redbear-full.toml).
4. Ensure `/var/lib/sddm` is pre-created (Phase 1, item 2).
5. Add `org.kde.ksmserver.service` and `org.kde.JobViewServer.service` to
`redbear-dbus-services/files/session-services/`.
6. Verify the SDDM greeter theme (`mayagrid`) is installed at
`/usr/share/sddm/themes/mayagrid/`.
7. Verify `kwin_wayland` exists in the image (built by the `kwin` recipe).
8. Verify `LIBSEAT_BACKEND=seatd` is in the SDDM environment (currently set in
`12_sddm.service` envs block at line 465, but not propagated to the user session).
9. Test in QEMU with `-display gtk` to see if Wayland renders.
Estimated: 1 week with 1 developer.
## Appendix A: Grep Results
### All `init.d` paths in redbear configs
```
$ grep -E 'init\.d' config/redbear-*.toml
config/redbear-full.toml:path = "/etc/init.d/00_firmware-loader.service"
config/redbear-full.toml:path = "/etc/init.d/05_boot-essential.target"
config/redbear-full.toml:path = "/etc/init.d/13_iommu.service"
config/redbear-full.toml:path = "/etc/init.d/10_redox-drm.service"
config/redbear-full.toml:path = "/etc/init.d/12_dbus.service"
config/redbear-full.toml:path = "/etc/init.d/13_redbear-sessiond.service"
config/redbear-full.toml:path = "/etc/init.d/13_seatd.service"
config/redbear-full.toml:path = "/etc/init.d/13_redbear-keymapd.service"
config/redbear-full.toml:path = "/etc/init.d/13_redbear-ime.service"
config/redbear-full.toml:path = "/etc/init.d/13_redbear-accessibility.service"
config/redbear-full.toml:path = "/etc/init.d/14_redbear-upower.service"
config/redbear-full.toml:path = "/etc/init.d/14_redbear-udisks.service"
config/redbear-full.toml:path = "/etc/init.d/14_redbear-polkit.service"
config/redbear-full.toml:path = "/etc/init.d/11_redbear-authd.service"
config/redbear-full.toml:path = "/etc/init.d/12_sddm.service"
config/redbear-full.toml:path = "/etc/init.d/30_console.service"
config/redbear-full.toml:path = "/etc/init.d/31_debug_console.service"
config/redbear-full.toml:path = "/etc/init.d/99_diag_serial.service"
config/redbear-full.toml:path = "/etc/init.d/99_kwin_test.service"
```
### All `init.d` paths staged by base recipe
```
$ find recipes/core/base/init.d -type f
recipes/core/base/init.d/00_base.service (config override target)
recipes/core/base/init.d/00_ipcd.service
recipes/core/base/init.d/00_pcid-spawner.service (deprecated)
recipes/core/base/init.d/00_ptyd.service
recipes/core/base/init.d/00_sudo.service
recipes/core/base/init.d/00_tmp
recipes/core/base/init.d/10_dhcpd.service
recipes/core/base/init.d/10_net.target
recipes/core/base/init.d/10_smolnetd.service
recipes/core/base/init.d/12_dbus.service (overridden in redbear-*)
recipes/core/base/init.d/12_sudo.service
recipes/core/base/init.d/13_seatd.service (overridden in redbear-*)
recipes/core/base/init.d/20_audiod.service
recipes/core/base/init.d/29_activate_console.service
recipes/core/base/init.d/30_console.service
recipes/core/base/init.d/30_thermald.service
recipes/core/base/init.d/31_debug_console.service
```
### `requires_weak` dependency graph (sample)
```
$ grep -h "requires_weak" config/redbear-full.toml | head -30
```
(Each service file is structured as `[unit] description = ... requires_weak = [...]`.)
### `pcid-spawner` vs `driver-manager` references
```
$ grep -n "00_driver-manager\|00_pcid-spawner" config/redbear-*.toml
config/redbear-device-services.toml:443:path = "/etc/init.d/00_driver-manager.service"
config/redbear-device-services.toml:525:requires_weak = ["00_driver-manager.service"]
config/redbear-device-services.toml:573:requires_weak = ["00_driver-manager.service"]
config/redbear-device-services.toml:585:requires_weak = ["00_driver-manager.service"]
config/redbear-device-services.toml:597:requires_weak = ["00_driver-manager.service"]
config/redbear-full.toml:290: "00_driver-manager.service",
config/redbear-full.toml:454: "00_driver-manager.service",
config/redbear-greeter-services.toml:71: "00_driver-manager.service",
config/redbear-legacy-base.toml:6:# 00_pcid-spawner.service has been fully replaced by 00_driver-manager.service
config/redbear-mini.toml:31:# 00_driver-manager.service is defined in redbear-device-services.toml.
config/redbear-mini.toml:125: "00_driver-manager.service",
config/redbear-mini.toml:334: "00_driver-manager.service",
config/redbear-mini.toml:349: "00_driver-manager.service",
config/redbear-mini.toml:364: "00_driver-manager.service",
config/redbear-mini.toml:420: "00_driver-manager.service",
```
## Appendix B: File-by-file Line Counts
### Config files
| File | Lines |
|------|-------|
| config/redbear-full.toml | 663 |
| config/redbear-mini.toml | 550 |
| config/redbear-grub.toml | 16 |
| config/redbear-legacy-base.toml | 49 |
| config/redbear-netctl.toml | 106 |
| config/redbear-greeter-services.toml | 129 |
| config/redbear-grub-policy.toml | 9 |
| config/redbear-device-services.toml | 602 |
| config/redbear-boot-stages.toml | 109 |
| config/base.toml | 319 |
| config/minimal.toml | 56 |
| **Total** | **2608** |
### Recipe source fork files
| File | Lines |
|------|-------|
| local/sources/installer/src/collision.rs | 267 |
| local/sources/installer/src/installer.rs | 1460 |
| local/sources/base/init/src/main.rs | 184 |
| local/sources/base/config/src/lib.rs | 40 |
| **Total** | **1951** |
### Init.d service files staged
| Source | Files |
|--------|-------|
| local/sources/base/init.initfs.d | 21 (incl. ramfs@.service) |
| local/sources/base/init.d | 10 (rootfs) |
| recipes/core/base/init.d | 17 (rootfs, mainline) |
| recipes/core/base/init.initfs.d | 21 (incl. 30_redox-drm.service, 45_usbscsid.service) |
| **Total** | **~70 .service/.target files** |
### Quirk files
| File count | 30 TOML files in local/recipes/system/redbear-quirks/source/quirks.d/ |
|------------|----------------------------------------------------------------------|
### Recipe counts (3-level structure, recipe.toml at `recipes/<cat>/<name>/recipe.toml`)
| Location | Unique recipes |
|----------|----------------|
| recipes/ (mainline) | 241 |
| local/recipes/ (Red Bear) | 116 |
| recipes/wip/ (WIP, NOT in redbear include chain) | many |
| **Total active** | **~357** |
### KWin build features disabled (per `local/recipes/kde/kwin/recipe.toml:154-165`)
| CMake variable | Value | Effect |
|----------------|-------|--------|
| `KWIN_BUILD_AUTO_ROTATION` | OFF | No tablet auto-rotation |
| `KWIN_BUILD_X11` | OFF | No X11 backend (correct for Wayland) |
| `KWIN_BUILD_X11_BACKEND` | OFF | Same |
| `KWIN_BUILD_KCMS` | OFF | No KCM (System Settings) integration |
| `KWIN_BUILD_SCREENLOCKER` | OFF | No screen locker |
| `KWIN_BUILD_TABBOX` | OFF | No alt-tab switcher |
| `KWIN_BUILD_GLOBALSHORTCUTS` | OFF | No kglobalacceld integration |
| `KWIN_BUILD_RUNNERS` | OFF | No KRunner |
| `KWIN_BUILD_NOTIFICATIONS` | OFF | No notification popups |
| `KWIN_BUILD_ACTIVITIES` | OFF | No activities |
| `KWIN_BUILD_EIS` | OFF | No input synthesis |
| `KWIN_BUILD_QCH` | OFF | No API docs |
**11 of 12 features disabled. The 1 enabled is the core compositor.**
### D-Bus service files
| Location | Files |
|----------|-------|
| local/recipes/system/redbear-dbus-services/files/system-services | 4 (login1, UPower, PolicyKit1, UDisks2) |
| local/recipes/system/redbear-dbus-services/files/system.d | 4 (PolicyKit1, UDisks2, login1, UPower) |
| local/recipes/system/redbear-dbus-services/files/session-services | 7 (kded6, kglobalaccel, JobViewServer, ksmserver, ActivityManager, Notifications, StatusNotifierWatcher) |
| local/recipes/system/redbear-dbus-services/files/session.d | 1 (org.redbear.session.conf) |
**Missing critical session services for KDE Plasma:** `ksmserver`, `JobViewServer`,
`ActivityManager` (3 of 7 session services are placeholders; the binary is not built).